COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-3502

CVE-2026-3502

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-02
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-3502
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildunpatchedransomwaresupply-chain

TrueConf Client allows attackers to inject tampered update payloads without integrity checks, enabling arbitrary code execution.

This vulnerability permits attackers to substitute update payloads if they control the delivery path, leading to arbitrary code execution during the update process. DIB organizations must ensure update mechanisms enforce integrity verification to prevent unauthorized code execution and potential ransomware entry points.

Shame score — The vulnerability allows arbitrary code execution via tampered updates, a critical failure that could compromise client systems and violate FedRAMP security controls.

Players implicated

TrueConf · vendorClient · product

Description

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.